Add Bastion Host support #93
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Electron App | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
jobs: | |
build-macos: | |
runs-on: macos-latest | |
env: | |
APPLE_ID: ${{ secrets.APPLE_ID }} | |
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} | |
APPLE_DEVELOPER_TEAM_ID: ${{ secrets.APPLE_DEVELOPER_TEAM_ID }} | |
DEBUG: electron-osx-sign*,electron-notarize* | |
steps: | |
- name: Check out repository | |
uses: actions/checkout@v2 | |
- name: Install signing certificate | |
run: | | |
KEYCHAIN_NAME=build.keychain | |
KEYCHAIN_PASSWORD=$(openssl rand -base64 12) | |
echo "Decode signing certificate..." | |
echo "${{ secrets.SIGNING_CERTIFICATE }}" | base64 --decode > signing_certificate.p12 | |
echo "${{ secrets.INSTALLING_CERTIFICATE }}" | base64 --decode > installing_certificate.p12 | |
echo "Creating keychain..." | |
security create-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_NAME | |
echo "Setting default keychain..." | |
security default-keychain -s $KEYCHAIN_NAME | |
echo "Unlocking keychain..." | |
security unlock-keychain -p $KEYCHAIN_PASSWORD $KEYCHAIN_NAME | |
echo "Importing certificate..." | |
security import signing_certificate.p12 -k $KEYCHAIN_NAME -P "${{ secrets.SIGNING_CERTIFICATE_PASSWORD }}" -T /usr/bin/codesign | |
security import installing_certificate.p12 -k $KEYCHAIN_NAME -P "${{ secrets.INSTALLING_CERTIFICATE_PASSWORD }}" -T /usr/bin/codesign -T /usr/bin/productbuild | |
echo "Listing keychains..." | |
security list-keychains -s $KEYCHAIN_NAME | |
echo "Setting key partition list..." | |
security set-key-partition-list -S apple-tool:,apple: -s -k $KEYCHAIN_PASSWORD $KEYCHAIN_NAME | |
working-directory: ./jccm | |
- name: Set up Node.js | |
uses: actions/setup-node@v2 | |
with: | |
node-version: '20.10.0' | |
- name: Install Python and set up venv | |
run: | | |
brew install [email protected] | |
python3.9 -m venv myenv | |
source myenv/bin/activate | |
python3.9 -m ensurepip | |
python3.9 -m pip install --upgrade pip | |
python3.9 -m pip install setuptools | |
working-directory: ./jccm | |
- name: Install dependencies | |
run: | | |
source myenv/bin/activate | |
npm install | |
working-directory: ./jccm | |
- name: Install appdmg | |
run: | | |
source myenv/bin/activate | |
npm install --save-dev appdmg | |
working-directory: ./jccm | |
- name: Build and package (arm64) | |
run: | | |
source myenv/bin/activate | |
npm run make -- --platform=darwin --arch=arm64 | |
working-directory: ./jccm | |
- name: Build and package (x64) | |
run: | | |
source myenv/bin/activate | |
npm run make -- --platform=darwin --arch=x64 | |
working-directory: ./jccm | |
- name: Notarize and Staple Packages | |
run: | | |
set -ex # Exit on error and print commands | |
function notarize_and_verify() { | |
architecture=$1 | |
pkg_path="./out/make/jccm-darwin-$architecture.pkg" | |
echo "Submitting $pkg_path for Notarization..." | |
xcrun notarytool submit $pkg_path --keychain-profile jccm --wait | |
echo "Stapling the Notarization Ticket to $pkg_path..." | |
xcrun stapler staple $pkg_path | |
echo "Verifying the Notarization of $pkg_path..." | |
spctl -a -t install -vv $pkg_path | |
} | |
# Log in to Notarytool | |
echo "Storing notary credentials..." | |
xcrun notarytool store-credentials jccm --apple-id $APPLE_ID --team-id ${APPLE_DEVELOPER_TEAM_ID} --password ${APPLE_APP_SPECIFIC_PASSWORD} | |
# Notarize and verify for both architectures | |
notarize_and_verify "arm64" | |
notarize_and_verify "x64" | |
set +x # Stop printing commands | |
working-directory: ./jccm | |
- name: Upload macOS artifacts | |
uses: actions/upload-artifact@v2 | |
with: | |
name: macos-installers | |
path: | | |
./jccm/out/make/*.dmg | |
./jccm/out/make/*.pkg | |
build-windows: | |
runs-on: windows-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up Node.js | |
uses: actions/setup-node@v2 | |
with: | |
node-version: '20.10.0' | |
- name: Install dependencies | |
run: npm install | |
working-directory: ./jccm | |
- name: Build and package (x64) | |
run: npm run make -- --platform=win32 --arch=x64 | |
working-directory: ./jccm | |
- name: Upload windows artifacts | |
uses: actions/upload-artifact@v2 | |
with: | |
name: windows-installers | |
path: | | |
./jccm/out/make/squirrel.windows/x64/*.exe | |
./jccm/out/make/squirrel.windows/x64/*.msi | |
build-deb: | |
runs-on: ubuntu-latest | |
env: | |
DEBUG: electron-installer* | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Install deb tools | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y dpkg fakeroot | |
- name: Set up Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: '20.10.0' | |
- name: Install dependencies | |
working-directory: ./jccm | |
run: npm install | |
- name: Package Electron app (.deb) | |
working-directory: ./jccm | |
run: | | |
npm run make-deb | |
ls -al out | |
ls -al out/make | |
mv out/make/deb/x64/*.deb out/make/deb/x64/jccm-linux-x64.deb | |
ls -al out/make | |
- name: Archive .deb artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: deb-package | |
path: ./jccm/out/make/deb/x64/*.deb | |
build-rpm: | |
runs-on: ubuntu-latest | |
env: | |
DEBUG: electron-installer* | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Install rpm tools | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y rpm fakeroot alien | |
- name: Set up Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: '20.10.0' | |
- name: Install dependencies | |
working-directory: ./jccm | |
run: npm install | |
- name: Package Electron app (.rpm) | |
working-directory: ./jccm | |
run: | | |
npm run make-rpm | |
ls -al out | |
ls -al out/make | |
mv out/make/rpm/x64/*.rpm out/make/rpm/x64/jccm-linux-x64.rpm | |
ls -al out/make | |
- name: Archive .rpm artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: rpm-package | |
path: ./jccm/out/make/rpm/x64/*.rpm | |
release: | |
needs: [build-macos, build-windows, build-deb, build-rpm] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out repository | |
uses: actions/checkout@v2 | |
- name: Read version from package.json | |
run: echo "VERSION=$(jq -r '.version' ./jccm/package.json)" >> $GITHUB_ENV | |
- name: Download Artifacts | |
uses: actions/download-artifact@v2 | |
with: | |
path: ./installers | |
- name: Install GitHub CLI | |
run: sudo apt-get install gh | |
- name: Check for existing release and delete if it exists | |
run: | | |
if gh release view ${{ env.VERSION }}; then | |
gh release delete ${{ env.VERSION }} --yes | |
fi | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Create Release | |
id: create_release | |
uses: actions/create-release@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: ${{ env.VERSION }} | |
release_name: 'Release ${{ env.VERSION }}' | |
draft: false | |
prerelease: false | |
- name: Upload Release Assets | |
run: | | |
find ./installers -type f -exec echo "Uploading {}..." \; -exec gh release upload ${{ env.VERSION }} "{}" --clobber \; | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |